Anyfi Networks
Carrier Wi-Fi System
GATEWAY
REFERENCE GUIDE
Overview
Installation
Basic Configuration
Wi-Fi Client Isolation
Wi-Fi Security Settings
IEEE 802.1X and EAP
RADIUS for AAA
GRE for Payload
System Monitoring
Västergatan 31 B
21121 Malmö
Sweden
info@anyfinetworks.com

Summary of Contents for Anyfi Networks Carrier Wi-Fi System

  • Page 1 Anyfi Networks Carrier Wi-Fi System GATEWAY REFERENCE GUIDE Overview Installation Basic Configuration Wi-Fi Client Isolation Wi-Fi Security Settings IEEE 802.1X and EAP RADIUS for AAA GRE for Payload System Monitoring Västergatan 31 B 21121 Malmö Sweden info@anyfinetworks.com...
  • Page 2 COPYRIGHT Copyright © 2013-2014 Anyfi Networks AB NOTICES Anyfi Networks proprietary. Anyfi is a registered trademark of Anyfi Networks AB. All other trademarks are the property of their respective owners. RELEASE DATE: 14 of April 2014 DOCUMENT REVISION: R1C v11...
  • Page 3: Table Of Contents

    Contents: Preface, v; Intended Audience, v; Document Conventions, v; Advisory Paragraphs, v; Typographic Conventions, vi; Chapter 1: Functionality Overview, 1; Concepts and Principles, 2; Tunnel Termination Point, 2; Service, 2; Chapter 2: Installation, 3; Installing as a Virtual Appliance ...
  • Page 4 UDP/IP Port Range, 12; Load Balancing and Failover, 13; Chapter 4: Integration, 14; RADIUS for AAA, 14; Authentication, 14; Authorization, 15; Accounting, 17; GRE for User Payload, 18; SNMP for System Monitoring, 18
  • Page 5: Preface

    Preface This document details how to install, configure and integrate the Gateway component of our Carrier Wi-Fi System. Intended Audience This document is intended for system and network administrators. Readers should have specific knowledge in the following areas: • Networking and data communications • ...
  • Page 6: Typographic Conventions

    in the following example: NOTE The Controller is a controller in the Software-Defined Networking (SDN) sense of the word, not in the typical corporate WLAN sense. Typographic Conventions This document uses the following typographic conventions: Monospace: Examples, command-line output, and representations of configuration nodes.
  • Page 7: Chapter 1: Functionality Overview

    Chapter 1: Functionality Overview The Software-Defined Wireless Networking (SDWN) architecture separates the radio access problem from service definition. The Gateway network element plays an essential role in the latter area, allowing an operator to design and implement a carrier Wi-Fi service in the trusted environment of a data center or mobile core, safe in the knowledge that the radio access problem can be separately addressed later.
  • Page 8: Concepts And Principles

    Concepts and Principles In this section we introduce some basic concepts and principles that we will use when configuring the Gateway. Apart from the concepts introduced below you should also be familiar with the following IEEE 802.11 terms: • Station (STA) • ...
  • Page 9: Chapter 2: Installation

    Another example is when the operator wishes to use physical hardware for the installation. Vyatta Network OS can then be installed on the hardware, followed by Gateway software. First configure the Vyatta system to use Anyfi Networks’ software repository. vyatta@vyatta:~$ configure Enter configuration mode...
  • Page 10 NOTE The Gateway software is freely available as part of the Community Edition of our Carrier Wi-Fi System. Community Edition is unsupported and restricted to a maximum of 100 radios and services, but can be used for both commercial and non-commercial purposes.
  • Page 11: Upgrading To A Newer Version

    Stopping anyfi gateway: anyfi-gateway. Starting anyfi gateway: anyfi-gateway. This will install new versions of the two packages containing the Gateway software, if such are available in Anyfi Networks' package repository. CAUTION Restarting the Gateway will disrupt service for associated Wi-Fi clients.
  • Page 12: Chapter 3: Configuration

    Chapter 3: Configuration In this chapter we show how to configure the Gateway for basic as well as more advanced use-cases. Basic Networking The Gateway will need at least two network interfaces; one for its SDWN data and control plane (UDP/IP) connections and a (logical) bridge for Wi-Fi client traffic (Ethernet).
  • Page 13: Basic Examples

    Basic Examples In this section we provide two example Wi-Fi network configurations. Open Wi-Fi We start by configuring an open Wi-Fi network with the SSID "ex-open". vyatta@vyatta:~$ configure Enter configuration mode [edit] vyatta@vyatta# edit service anyfi gateway "open-gw" Create a Gateway instance [edit service anyfi gateway open-gw] vyatta@vyatta# set controller x.x.x.x [edit service anyfi gateway open-gw]...
  • Page 14: Wi-Fi Client Isolation

    vyatta@vyatta# edit service anyfi gateway "1x-gw" Create a Gateway instance [edit service anyfi gateway 1x-gw] vyatta@vyatta# set controller x.x.x.x [edit service anyfi gateway 1x-gw] vyatta@vyatta# set bridge br0 [edit service anyfi gateway 1x-gw] vyatta@vyatta# set ssid "Secure Wi-Fi" [edit service anyfi gateway 1x-gw] vyatta@vyatta# set wpa2 [edit service anyfi gateway 1x-gw] vyatta@vyatta# set authentication eap radius-server x.x.x.x...
  • Page 15: Wi-Fi Security Settings

    isolation. When this feature is enabled two devices connected to the same access point will be prevented from communicating directly with each other on Layer 2. The Gateway provides a similar configuration option: vyatta@vyatta:~$ configure Enter configuration mode [edit] vyatta@vyatta# set service anyfi gateway "open-gw" isolation Enable isolation of clients on Layer 2 [edit]...
  • Page 16: Radius Settings

    RADIUS Settings In this section we illustrate how to configure the Gateway to use one or several RADIUS servers for Authentication, Authorization and Accounting (AAA). In Chapter 4 we will go into the details of RADIUS interface capabilities. Authentication The Gateway implements an IEEE 802.1X pass-through authenticator and can be configured to use an external RADIUS server for EAP authentication.
  • Page 17: Accounting

    vyatta@vyatta# set radius-secret secret [edit service anyfi gateway 1x-gw authorization] vyatta@vyatta# top [edit] vyatta@vyatta# commit Commit, save and exit configuration mode vyatta@vyatta# save vyatta@vyatta# exit Accounting Accounting information is provided on a RADIUS interface in standard RFC2866 format. Note that up to two RADIUS accounting servers can be configured. This is useful in cases where separate RADIUS servers are used for authentication and authorization, and both require accounting information.
  • Page 18: Controller

    Controller In the Software-Defined Wireless Networking (SDWN) architecture the control plane is centralized in a Controller, while the data plane remains distributed. Data plane elements like the Gateway are configured with the IP address or fully qualified domain name (FQDN) of the Controller. vyatta@vyatta:~$ configure Enter configuration mode [edit]...
  • Page 19: Load Balancing And Failover

    Load Balancing and Failover Automatic load balancing and failover between multiple Gateways is built into the Software-Defined Wireless Networking (SDWN) architecture. All that is required from the operator is that they configure all Gateway instances with the same service UUID. First generate a random UUID.
  • Page 20: Chapter 4: Integration

    Chapter 4: Integration In this section we detail how to integrate the Gateway towards external systems. RADIUS for AAA RADIUS interfaces allow for integration towards external Authentication, Authorization and Accounting (AAA) servers. In Chapter 3 we illustrated how to configure these interfaces.
  • Page 21: Authorization

    EAP-Message Access-Challenge Microsoft-MPPE-Recv-Key Access-Accept Access-Accept Microsoft-MPPE-Send-Key NOTE If no separate authorization server is configured then the authorization messages and attributes below are at the authentication server's disposal. Authorization The following RADIUS message types are supported on the authorization interface: • Access-Request • ...
  • Page 22 Error-Cause CoA-NAK, Disconnect-NAK Session-Timeout Access-Accept, CoA-Request Access-Accept, CoA-Request Termination-Action Filter-Id Access-Accept, CoA-Request NAS-Filter-Rule Access-Accept, CoA-Request Acct-Interim-Interval Access-Accept, CoA-Request Tunnel-Type Access-Accept, CoA-Request Tunnel-Medium-Type Access-Accept, CoA-Request Access-Accept, CoA-Request Tunnel-Private-Group-ID Access-Accept, CoA-Request WISPr-Redirection-URL WISPr-Bandwidth-Max-Up Access-Accept, CoA-Request WISPr-Bandwidth-Max-Down Access-Accept, CoA-Request Cisco-AV-Pair: url-redirect Access-Accept, CoA-Request The following table lists the Filter-Id values recognized by the Gateway.
  • Page 23: Accounting

    Tunnel medium type is IEEE Std 802. Table 6: Supported Tunnel-Private-Group-ID values. Value: 1-4096; Interpretation: IEEE Std 802.1Q VLAN tag. Accounting The following RADIUS message types are supported on the accounting interface: • Accounting-Request • Accounting-Response The following table lists the RADIUS attributes supported on the accounting interface, as well as the message types that may contain them.
  • Page 24: Gre For User Payload

    Acct-Output-Gigawords Accounting-Request GRE for User Payload The preferred interface for integration towards an external Wi-Fi gateway is native Layer 2 bridged Ethernet. But the Vyatta Network OS also supports GRE tunneling of bridged Ethernet frames. vyatta@vyatta:~$ configure Enter configuration mode [edit] vyatta@vyatta# edit interfaces tunnel tun0 Configure GRE tunnel in...
  • Page 25 [edit service snmp] vyatta@vyatta# set trap-target x.x.x.x community name [edit service snmp] vyatta@vyatta# set location location [edit service snmp] vyatta@vyatta# set contact contact [edit service snmp] vyatta@vyatta# top [edit] vyatta@vyatta# commit Commit, save and exit configuration mode vyatta@vyatta# save vyatta@vyatta# exit
